Changelog since v0.32.4
According to a recently discovered vulnerability, it reveals that the existence of a directory traversal vulnerability when an arbitrary path can be specified as the Helm values file path.
For this reason, PipeCD has restricted the path that can be specified as the values file path to the directory where the application configuration exists (aka. the application directory) when a local path is specified by #3726.
Therefore, for example, in the following specification of values file paths, the first three are allowed, but the last two are not.
helmOptions: valueFiles: # allowed - values.yaml - ./foo/bar/values.yaml - /path/to/application-directory/values.yaml # disallowed - ../../../../path/to/OTHER-application-directory-or-such/values.yaml - /path/to/OTHER-application-directory-or-such/values.yaml
For more information, please see HelmOptions configuration reference.
- Sort the application suggestion name in application filter form (#3740)
- Make piped upgrade version input box selectable (#3734)
- Add feature to show piped config on web console (#3673)
- Add some tips to contributor guide (#3739)
- Only show latest 6 released versions in piped upgrade dialog (#3737)
- feat: Add serviceAccountName field (#3736)
- Fix bug that cloud provider type is not resolved correctly (#3735)
- Bump async from 2.6.3 to 2.6.4 in /web (#3539)
- Bump eventsource from 1.0.7 to 1.1.1 in /web (#3714)
- Auto-complete Piped form when only one Piped has been added (#3723)
- Define the LoadApplication function in the config package (#3730)
- Add RestartPiped gRPC to Web API (#3725)
- Add Sync Strategies definition to concepts page (#3728)
- Make report piped meta works with filedb (#3727)
- Omit empty fields in the “Show the configuration” dialog (#3724)
- Refine web console UI/UX related to show Piped configuration feature (#3718)
- Fix the script of generating release (#3721)